A vulnerability was reported in Windows SSL/TLS stack. A remote user can decrypt SSL/TLS sessions in certain cases.A remote user with the ability to conduct a man-in-the-middle attack on an HTTPS connection can decrypt SSL/TLS sessions. The vulnerability resides in the SSL 3.0 and TLS 1.0 specifications when using a Cipher-Block Chaining (CBC) based cryptographic algorithm.The TLS 1.1 and 1.2 protocols are not affected.

Impact:

A remote user with the ability to conduct a man-in-the-middle attack can decrypt SSL/TLS sessions.